Navigation

← Previous Changeset
Next Changeset →

Changeset 8837

Timestamp:

09/06/08 06:53:45 (3 months ago)

Author:

westi

Message:

phpDoc corrections for KSES. Fixes #7550 props jacobsantos.

Files:

trunk/wp-includes/kses.php (modified) (30 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/wp-includes/kses.php

r8671	r8837
25	25
26	26	/**
27		* You can override this in your my-hacks.php file
28		* You can also override this in a plugin file. The
29		* my-hacks.php is deprecated in its usage.
	27	* You can override this in your my-hacks.php file You can also override this
	28	* in a plugin file. The my-hacks.php is deprecated in its usage.
30	29	*
31	30	* @since 1.2.0
…	…
36	35	if (!CUSTOM_TAGS) {
37	36	/**
38		* Kses global for default allowable HTML tags
	37	* Kses global for default allowable HTML tags.
39	38	*
40		* Can be override by using CUSTOM_TAGS constant
	39	* Can be override by using CUSTOM_TAGS constant.
	40	*
41	41	* @global array $allowedposttags
42	42	* @since 2.0.0
…	…
282	282	'type' => array ()),
283	283	'var' => array ());
	284
284	285	/**
285		* Kses allowed HTML elements
	286	* Kses allowed HTML elements.
286	287	*
287	288	* @global array $allowedtags
…	…
324	325
325	326	/**
326		* ~~wp_kses() -~~ Filters content and keeps only allowable HTML elements.
327		*
328		* This function makes sure that only the allowed HTML element names,
329		* ~~attribute names and attribute values plus only sane HTML entities~~
330		* ~~will occur in $string. You have to remove any slashes from PHP's~~
331		* ~~magic quotes before you~~ call this function.
332		*
333		* The default allowed protocols are 'http', 'https', 'ftp', 'mailto',
334		* '~~news', 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This~~
335		* ~~covers all common link protocols, except for 'javascript' which~~
336		* ~~should not be allowed for~~ untrusted users.
	327	* Filters content and keeps only allowable HTML elements.
	328	*
	329	* This function makes sure that only the allowed HTML element names, attribute
	330	* names and attribute values plus only sane HTML entities will occur in
	331	* $string. You have to remove any slashes from PHP's magic quotes before you
	332	* call this function.
	333	*
	334	* The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
	335	* 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This covers all common
	336	* link protocols, except for 'javascript' which should not be allowed for
	337	* untrusted users.
337	338	*
338	339	* @since 1.0.0
…	…
353	354
354	355	/**
355		* wp_kses_hook() - You add any kses hooks here.
356		*
357		* There is currently only one kses WordPress hook and it is
358		* called here. All parameters are passed to the hooks and
359		* expected to recieve a string.
	356	* You add any kses hooks here.
	357	*
	358	* There is currently only one kses WordPress hook and it is called here. All
	359	* parameters are passed to the hooks and expected to recieve a string.
360	360	*
361	361	* @since 1.0.0
…	…
372	372
373	373	/**
374		* ~~wp_kses_version() -~~ This function returns kses' version number.
375		*
376		* @since 1.0.0
377		*
378		* @return string Version Number
	374	* This function returns kses' version number.
	375	*
	376	* @since 1.0.0
	377	*
	378	* @return string KSES Version Number
379	379	*/
380	380	function wp_kses_version() {
…	…
383	383
384	384	/**
385		* ~~wp_kses_split() - Searches for HTML tags, no matter how malformed~~
	385	* Searches for HTML tags, no matter how malformed.
386	386	*
387	387	* It also matches stray ">" characters.
…	…
400	400
401	401	/**
402		* ~~wp_kses_split2() - Callback for wp_kses_split for fixing malformed HTML tags~~
403		*
404		* This function does a lot of work. It rejects some very malformed things
405		* ~~like <:::>. It returns an empty string, if the element isn't allowed (look~~
406		* ~~ma, no strip_tags()!). Otherwise it splits the tag into an element and an~~
407		* ~~attribute~~ list.
	402	* Callback for wp_kses_split for fixing malformed HTML tags.
	403	*
	404	* This function does a lot of work. It rejects some very malformed things like
	405	* <:::>. It returns an empty string, if the element isn't allowed (look ma, no
	406	* strip_tags()!). Otherwise it splits the tag into an element and an attribute
	407	* list.
408	408	*
409	409	* After the tag is split into an element and an attribute list, it is run
410		* through another filter which will remove illegal attributes and once
411		* ~~that is~~ completed, will be returned.
	410	* through another filter which will remove illegal attributes and once that is
	411	* completed, will be returned.
412	412	*
413	413	* @access private
…	…
461	461
462	462	/**
463		* ~~wp_kses_attr() - Removes all attributes, if none are allowed for this element~~
	463	* Removes all attributes, if none are allowed for this element.
464	464	*
465	465	* If some are allowed it calls wp_kses_hair() to split them further, and then
466	466	* it builds up new HTML code from the data that kses_hair() returns. It also
467		* removes "<" and ">" characters, if there are any left. One more thing it
468		* ~~does is to check if the tag has a closing XHTML slash, and if it does, it~~
469		* ~~puts one~~ in the returned code as well.
	467	* removes "<" and ">" characters, if there are any left. One more thing it does
	468	* is to check if the tag has a closing XHTML slash, and if it does, it puts one
	469	* in the returned code as well.
470	470	*
471	471	* @since 1.0.0
…	…
532	532
533	533	/**
534		* ~~wp_kses_hair() -~~ Builds an attribute list from string containing attributes.
	534	* Builds an attribute list from string containing attributes.
535	535	*
536	536	* This function does a lot of work. It parses an attribute list into an array
…	…
661	661
662	662	/**
663		* ~~wp_kses_check_attr_val() -~~ Performs different checks for attribute values.
	663	* Performs different checks for attribute values.
664	664	*
665	665	* The currently implemented checks are "maxlen", "minlen", "maxval", "minval"
…	…
733	733
734	734	/**
735		* ~~wp_kses_bad_protocol() - Sanitize string from bad protocols~~
736		*
737		* This function removes all non-allowed protocols from the beginning
738		* ~~of $string. It ignores whitespace and the case of the letters, and~~
739		* ~~it does understand HTML entities. It does its work in a while loop,~~
740		* ~~so it won't be~~ fooled by a string like "javascript:javascript:alert(57)".
	735	* Sanitize string from bad protocols.
	736	*
	737	* This function removes all non-allowed protocols from the beginning of
	738	* $string. It ignores whitespace and the case of the letters, and it does
	739	* understand HTML entities. It does its work in a while loop, so it won't be
	740	* fooled by a string like "javascript:javascript:alert(57)".
741	741	*
742	742	* @since 1.0.0
…	…
760	760
761	761	/**
762		* ~~wp_kses_no_null() -~~ Removes any NULL characters in $string.
	762	* Removes any NULL characters in $string.
763	763	*
764	764	* @since 1.0.0
…	…
775	775
776	776	/**
777		* ~~wp_kses_stripslashes() - Strips slashes from in front of quotes~~
778		*
779		* This function changes the character sequence \" to just "
780		* ~~It leaves all other slashes alone. It's really weird, but the~~
781		* ~~quoting from~~ preg_replace(//e) seems to require this.
	777	* Strips slashes from in front of quotes.
	778	*
	779	* This function changes the character sequence \" to just ". It leaves all
	780	* other slashes alone. It's really weird, but the quoting from
	781	* preg_replace(//e) seems to require this.
782	782	*
783	783	* @since 1.0.0
…	…
791	791
792	792	/**
793		* ~~wp_kses_array_lc() -~~ Goes through an array and changes the keys to all lower case.
	793	* Goes through an array and changes the keys to all lower case.
794	794	*
795	795	* @since 1.0.0
…	…
815	815
816	816	/**
817		* ~~wp_kses_js_entities() -~~ Removes the HTML JavaScript entities found in early versions of Netscape 4.
	817	* Removes the HTML JavaScript entities found in early versions of Netscape 4.
818	818	*
819	819	* @since 1.0.0
…	…
827	827
828	828	/**
829		* ~~wp_kses_html_error() - Handles parsing errors in wp_kses_hair()~~
830		*
831		* The general plan is to remove everything to and including some
832		* ~~whitespace,~~ but it deals with quotes and apostrophes as well.
	829	* Handles parsing errors in wp_kses_hair().
	830	*
	831	* The general plan is to remove everything to and including some whitespace,
	832	* but it deals with quotes and apostrophes as well.
833	833	*
834	834	* @since 1.0.0
…	…
842	842
843	843	/**
844		* ~~wp_kses_bad_protocol_once() - Sanitizes content from bad protocols and other characters~~
845		*
846		* This function searches for URL protocols at the beginning of $string,
847		* ~~while~~ handling whitespace and HTML entities.
	844	* Sanitizes content from bad protocols and other characters.
	845	*
	846	* This function searches for URL protocols at the beginning of $string, while
	847	* handling whitespace and HTML entities.
848	848	*
849	849	* @since 1.0.0
…	…
867	867
868	868	/**
869		* ~~wp_kses_bad_protocol_once2() -~~ Callback for wp_kses_bad_protocol_once() regular expression.
	869	* Callback for wp_kses_bad_protocol_once() regular expression.
870	870	*
871	871	* This function processes URL protocols, checks to see if they're in the
…	…
911	911
912	912	/**
913		* wp_kses_normalize_entities() - Converts and fixes HTML entities
914		*
915		* This function normalizes HTML entities. It will convert "AT&T" to the
916		* correct "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;"
917		* and so on.
	913	* Converts and fixes HTML entities.
	914	*
	915	* This function normalizes HTML entities. It will convert "AT&T" to the correct
	916	* "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on.
918	917	*
919	918	* @since 1.0.0
…	…
937	936
938	937	/**
939		* ~~wp_kses_normalize_entities2() - Callback for wp_kses_normalize_entities() regular expression~~
940		*
941		* This function helps wp_kses_normalize_entities() to only accept 16 bit
942		* ~~values~~ and nothing more for &#number; entities.
	938	* Callback for wp_kses_normalize_entities() regular expression.
	939	*
	940	* This function helps wp_kses_normalize_entities() to only accept 16 bit values
	941	* and nothing more for &#number; entities.
943	942	*
944	943	* @access private
…	…
957	956
958	957	/**
959		* ~~wp_kses_normalize_entities3() - Callback for wp_kses_normalize_entities() for regular expression~~
960		*
961		* This function helps wp_kses_normalize_entities() to only accept valid Unicode ~~numeric entities~~
962		* in hex form.
	958	* Callback for wp_kses_normalize_entities() for regular expression.
	959	*
	960	* This function helps wp_kses_normalize_entities() to only accept valid Unicode
	961	* numeric entities in hex form.
963	962	*
964	963	* @access private
…	…
976	975
977	976	/**
978		* ~~valid_unicode() -~~ Helper function to determine if a Unicode value is valid.
	977	* Helper function to determine if a Unicode value is valid.
979	978	*
980	979	* @param int $i Unicode value
…	…
989	988
990	989	/**
991		* ~~wp_kses_decode_entities() -~~ Convert all entities to their character counterparts.
992		*
993		* This function decodes numeric HTML entities (A and A). It
994		* ~~doesn't do anything with other entities like ä, but we don't need~~
995		* ~~them in the URL~~ protocol whitelisting system anyway.
	990	* Convert all entities to their character counterparts.
	991	*
	992	* This function decodes numeric HTML entities (A and A). It doesn't do
	993	* anything with other entities like ä, but we don't need them in the URL
	994	* protocol whitelisting system anyway.
996	995	*
997	996	* @since 1.0.0
…	…
1008	1007
1009	1008	/**
1010		* ~~wp_filter_kses() - Sanitize content with allowed HTML Kses rules~~
	1009	* Sanitize content with allowed HTML Kses rules.
1011	1010	*
1012	1011	* @since 1.0.0
…	…
1022	1021
1023	1022	/**
1024		* ~~wp_filter_post_kses() - Sanitize content for allowed HTML tags for post content~~
1025		*
1026		* Post content refers to the page contents of the 'post' type and not
1027		* ~~$_POST~~ data from forms.
	1023	* Sanitize content for allowed HTML tags for post content.
	1024	*
	1025	* Post content refers to the page contents of the 'post' type and not $_POST
	1026	* data from forms.
1028	1027	*
1029	1028	* @since 2.0.0
…	…
1039	1038
1040	1039	/**
1041		* ~~wp_filter_nohtml_kses() - Strips all of the HTML in the content~~
	1040	* Strips all of the HTML in the content.
1042	1041	*
1043	1042	* @since 2.1.0
…	…
1051	1050
1052	1051	/**
1053		* ~~kses_init_filters() - Adds all Kses input form content filters~~
1054		*
1055		* All hooks have default priority. The wp_filter_kses() fu~~cntion~~
1056		* ~~is added to the 'pre_comment_content' and 'title_save_pre'~~
1057		* ~~hooks. The wp_filter_post_kses() function is added to the~~
1058		* ~~'content_save_pre', 'excerpt_save_pre', and 'content_filtered_save_pre'~~
1059		* hooks.
	1052	* Adds all Kses input form content filters.
	1053	*
	1054	* All hooks have default priority. The wp_filter_kses() function is added to
	1055	* the 'pre_comment_content' and 'title_save_pre' hooks.
	1056	*
	1057	* The wp_filter_post_kses() function is added to the 'content_save_pre',
	1058	* 'excerpt_save_pre', and 'content_filtered_save_pre' hooks.
1060	1059	*
1061	1060	* @since 2.0.0
…	…
1074	1073
1075	1074	/**
1076		* kses_remove_filters() - Removes all Kses input form content filters
1077		*
1078		* A quick procedural method to removing all of the filters
1079		* that kses uses for content in WordPress Loop.
1080		*
1081		* Does not remove the kses_init() function from 'init' hook
1082		* (priority is default). Also does not remove kses_init()
1083		* function from 'set_current_user' hook (priority is also
1084		* default).
	1075	* Removes all Kses input form content filters.
	1076	*
	1077	* A quick procedural method to removing all of the filters that kses uses for
	1078	* content in WordPress Loop.
	1079	*
	1080	* Does not remove the kses_init() function from 'init' hook (priority is
	1081	* default). Also does not remove kses_init() function from 'set_current_user'
	1082	* hook (priority is also default).
1085	1083	*
1086	1084	* @since 2.0.6
…	…
1098	1096
1099	1097	/**
1100		* ~~kses_init() - Sets up most of the Kses filters for input form content~~
	1098	* Sets up most of the Kses filters for input form content.
1101	1099	*
1102	1100	* If you remove the kses_init() function from 'init' hook and
1103		* 'set_current_user' (priority is default), then none of the
1104		* ~~Kses filter hooks~~ will be added.
1105		*
1106		* First removes all of the Kses filters in case the current user
1107		* ~~does not need to have Kses filter the content. If the user does~~
1108		* ~~not have unfiltered html~~ capability, then Kses filters are added.
	1101	* 'set_current_user' (priority is default), then none of the Kses filter hooks
	1102	* will be added.
	1103	*
	1104	* First removes all of the Kses filters in case the current user does not need
	1105	* to have Kses filter the content. If the user does not have unfiltered html
	1106	* capability, then Kses filters are added.
1109	1107	*
1110	1108	* @uses kses_remove_filters() Removes the Kses filters

Navigation

Changeset 8837

Legend:

trunk/wp-includes/kses.php

Download in other formats: